SB2020121728 - Multiple vulnerabilities in NZXT CAM
Published: December 17, 2020 Updated: October 9, 2024
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 11 secuirty vulnerabilities.
1) Improper Privilege Management (CVE-ID: CVE-2020-13509)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper privilege management in the WinRing0x64 Driver Privileged I/O Read IRPs functionality. A local user can send a specially crafted 0x9c4060cc I/O request packet (IRP) and gain unauthorized access to sensitive information on the system.
Note: This IRP reads only a single byte.
2) Improper Privilege Management (CVE-ID: CVE-2020-13511)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper privilege management in the WinRing0x64 Driver Privileged I/O Read IRPs functionality. A local user can send a specially crafted 0x9c4060d4 I/O request packet (IRP) and gain unauthorized access to sensitive information on the system.
Note: This IRP reads four bytes (one dword).
3) Improper Privilege Management (CVE-ID: CVE-2020-13510)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper privilege management in the WinRing0x64 Driver Privileged I/O Read IRPs functionality. A local user can send a specially crafted 0x9c4060d0 I/O request packet (IRP) and gain unauthorized access to sensitive information on the system.
Note: This IRP reads two bytes (one word).
4) Improper Privilege Management (CVE-ID: CVE-2020-13519)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management in the WinRing0x64 Driver IRP 0x9c402088 functionality. A local user can send a specially crafted I/O request packet (IRP), access the "writemsr" function and escalate privileges.
5) Improper Privilege Management (CVE-ID: CVE-2020-13518)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper privilege management in the WinRing0x64 Driver IRP 0x9c402084 functionality. A local user can send a specially crafted I/O request packet (IRP), access the "rdmsr" function and gain unauthorized access to sensitive information on the system.
6) Improper Privilege Management (CVE-ID: CVE-2020-13517)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper privilege management in the WinRing0x64 Driver IRP 0x9c406104 functionality. A local user can send a specially crafted I/O request packet (IRP), access the "MmMapIoSpace" function and gain unauthorized access to sensitive information on the system.
7) Improper Privilege Management (CVE-ID: CVE-2020-13516)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to improper privilege management in the WinRing0x64 Driver IRP 0x9c406144 functionality. A local user can send a specially crafted I/O request packet (IRP), access the "HalGetBusDataByOffset" function and gain unauthorized access to sensitive information on the system.
8) Improper Privilege Management (CVE-ID: CVE-2020-13515)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management in the WinRing0x64 Driver IRP 0x9c40a148 functionality. A local user can send a specially crafted I/O request packet (IRP), access the "HalSetBusDataByOffset" function and escalate privileges.
9) Improper Privilege Management (CVE-ID: CVE-2020-13514)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management in the WinRing0x64 Driver Privileged I/O Write IRPs functionality. A local user can send a specially crafted 0x9c40a0e0 I/O request packet (IRP) and escalate privileges.
Note: This IRP writes four bytes (one dword) to the specific processor I/O port.
10) Improper Privilege Management (CVE-ID: CVE-2020-13513)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management in the WinRing0x64 Driver Privileged I/O Write IRPs functionality. A local user can send a specially crafted 0x9c40a0dc I/O request packet (IRP) and escalate privileges.
Note: This IRP writes two bytes (1 word) to the specific processor I/O port.
11) Improper Privilege Management (CVE-ID: CVE-2020-13512)
The vulnerability allows a local user to escalate privileges.
The vulnerability exists due to improper privilege management in the WinRing0x64 Driver Privileged I/O Write IRPs functionality. A local user can send a specially crafted 0x9c40a0d8 I/O request packet (IRP) and escalate privileges.
Note: This IRP writes only a single byte to the specific processor I/O port.
Remediation
Install update from vendor's website.
References
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1110
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1116
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1115
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1114
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1113
- https://talosintelligence.com/vulnerability_reports/TALOS-2020-1112
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1111